from:"Jo Rhett"

On Nov 15, 2013, at 2:35 PM, Jason Antman ja...@jasonantman.com wrote:
 As much as I hate to say this (for all of the people who write Puppet books) 
 I've found that things are changing fast enough that I usually recommend one 
 or two books for a beginner to get the ropes, and then after that, rely on 
 the online documentation, the community (here and #puppet), and the many 
 modules on the Forge and GitHub to answer more advanced questions and keep up 
 with what people are doing.


Me too. That was exactly the target focus for the Packt Starter book:  
http://www.netconsonance.com/instant-puppet-3-starter-book/

Get the terminology straight. Understand the SSL certificate hierarchy. Get 
working, then go online.

Or: how to avoid confusion and flailing as your intro to the mailing list :)

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/B8A08497-C06D-4BF7-A9A1-E876E6F6742D%40netconsonance.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Purging of ssh_authorized_keys

I agree with much of what Felix said here. Most importantly, John's every 
possible file everywhere is more than a bit extreme. (sorry, John :D ) I 
actually think that something even more limited than what Felix suggested would 
solve most desires. I believe that purging unlisted SSH keys for all users 
puppet is explicitly set to manage would solve 90% if not much more of the 
problem.

In essence, manage SSH keys for users which Puppet has defined. This fits 
cleanly within the Puppet model and doesn't cause unexpected behavior. This is 
a perfectly reasonable target and would solve most complaints. People who want 
all users to have their SSH keys purged would put all users in their manifests 
:D

On Nov 21, 2013, at 12:39 PM, Felix Frank felix.fr...@alumni.tu-berlin.de 
wrote:
 I'm forking this thread from a cron discussion on the development list.
 I feel that the exchange of design ideas regarding the much requested
 cleaning of authorized ssh public keys is of interest to the base of
 (potential) users and is not (yet) closely related to implementation
 details.
 
 On 11/21/2013 09:10 PM, John Bollinger wrote:
 
There is a similar request for ssh_authorized_keys, which is
just about
at the top of the highly voted issues (see [2]).
 
 
 
 There are indeed similarities here with Ssh_authorized_key, but also
 some important differences.  Consider that Ssh_authorized_key can
 manage any file as a keystore (see the 'target' parameter).  As such,
 it is flatly impossible for Puppet to reliably determine from which
 files it must purge keys to zap them all without collateral damage. 
 Puppet could be conservative by only purging from files having the
 standard name, but if Ssh_authorized_key.target has any use in the
 first place then a conservative purge would miss some keys in some
 environments.  I think it would be worse to provide a key purging
 feature that doesn't do the full job than to omit key purging altogether.
 
 I think we can agree that clearing all public keys from all files is
 out of the question. It cannot and should not be the goal in my opinion.
 
 For the vast majority of users, it will be important that the active
 keys are accounted for, i.e. such keys that are installed in
 authorized_keys files which will be read by an sshd to find trusted
 public keys.
 
 Taking this perspective, using the default location would be a fair
 start indeed. I can think of two ways of extending that approach.
 
 1. Try to locate and interpret the system-wide sshd configuration. Find
 the actual location(s) used for authorized keys files.
 
 2. Add a parameter (to the resources type?) that allows to override the
 default location of a user's authorized keys file. Think resources {
 ssh_authorized_key: purge = true, location = %h/.ssh_hidden/keys }.
 
 Both approaches could also be combined, of course.
 
 There will always be limitations, e.g. we cannot protect the admin from
 users (or other admins) running additional sshd instances with different
 configurations. But doing so would be well beyond the scope of what I,
 as a user, would expect from puppet.
 
 I think a more feasible reference model for key purging is the one
 provided by recursively-managed Files.  Essentially, there is a
 container (a File resource) that establishes the scope of the purge. 
 There is not currently a suitable container type for authorized keys,
 but one could certainly be created, say Ssh_authorized_keyfile or
 Ssh_authorized_keys.
 
 I can see how this would be more in the spirit of puppet design than
 what I sketched above. But wouldn't this require the manifest designer
 to enumerate all key files after all?
 
 That's quite a limitation, because usually (see user, group) purging
 resources is expected to act specifically upon resources that are not
 covered by the manifest at all.
 
 I can see scenarios where such a feature would be useful, e.g. in a
 defined type that manages all aspect of a user account, their authorized
 keys file could be added to the list. However, if the manifest design
 allows for such convenience, it will also easily allow workarounds such
 as handling the key files via the concat module or just adding a dummy
 for each user in order to allow the current purging mechanism to apply.
 This makes me question the value of such a container type.
 
 Best regards,
 Felix
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/puppet-users/528E6F92.6050601%40Alumni.TU-Berlin.de.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

Author of Instant Puppet 3 Starter: 
http://www.netconsonance.com/instant-puppet-3

Re: [Puppet Users] matching all current ipaddress_ethX facts

Yep, write it out as such :) Either if/then in the manifest, or write a custom
function that iterates through all ipaddress facts.

On Nov 21, 2013, at 4:32 AM, cko dert...@gmail.com wrote:
I'm currently trying to solve the following problem:

I wrote a module that matches the $ipaddress fact for certain IP subnets
(like 20.20.2... or 30.30.2..). Depending on the subnet, the variable
$proxy-server changes.

The problem is, that some of our physical machines have a random number of
interfaces connected to many different subnets. In some cases the $ipadddress
fact returns the correct subnet, lets call it production server lan and
some don't.

Is there any way to make puppet check every available NIC for a specific
subnet/ regex? Something like this:

if $ipaddress_eth* =~ /^20\.20\.\..*$/ {
$proxy-server = foo
}
.

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/9e5f1c49-cf71-4eab-a11b-18a9d31b5b0a%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

Author of Instant Puppet 3 Starter:
http://www.netconsonance.com/instant-puppet-3-starter-book/

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/7B5FCEB5-C6F4-46D2-A928-12D717276683%40netconsonance.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Problem with Passenger

On Nov 18, 2013, at 12:52 PM, Marcelo Frota infrag...@gmail.com wrote:
 I having problem with passenger module, i create the config file 
 /usr/share/puppet/rack/puppetmasterd/config.ru  but 
 the process master the puppet is not running . 
 For what seems apache is not recognizing the file config.ru

I don't believe that this directory is an expected path for apache, is it?  
That's an example file you copy to the apache config directory...

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

Author of Instant Puppet 3 Starter: 
http://www.netconsonance.com/instant-puppet-3-starter-book/



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/764E3267-879C-41DE-8F75-5C7E32C8BE36%40netconsonance.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] What's the best practice to manage software updates using puppet ?

There's always the alternative of using ensure = heira( 'package_version', 
present ) and using hiera to control the software release. If you're doing 
this you want osfamily in the hiera structure. I've found this much superior to 
either of the following two choices.

On Sep 25, 2013, at 10:13 AM, phundisk alex.farh...@currensee.com wrote:
 For me, when I was deciding to manage updates, there were two options for me.
 
 1. Set everything to ensure latest and only use clones of centos/redhat repos 
 for different environments such as QA, and production.  The downside of here 
 is that you need to manage every package in puppet, you will probably miss 
 some.
 
 2. Just use ensure = present and use another solution such as spacewalk or 
 satellite to manage updates.  That is what I choose personally.  It works out 
 pretty good so far.
 
 On Tuesday, September 24, 2013 4:31:10 PM UTC-4, François Chenais wrote:
 Hello,
 
 I got many classes, using the well known template ...
 
   package
  ensure = XXX
  notify = service
 
   file 
  require = package
  notify = service
 
   service
  require = File, Package
 
 
 ... with ensure value XXX set to 'latest'.
 
 
 This implies that package could be updated when I change a value
 in config file even if I don't want to update it  ... especially in 
 production ...
 
 A solution can be changing all ensure value to 'present' or 'installed' but 
 I'm not
 the owner of the code so I would like to know if there is a way to
 
 - deactivate the package update through a command line option ?
 - change the ensure value using 
 
   - a command line option
   - a fact
   - a tag 
   - ???
 
 
 
 More generally, what's the best practice to manage software updates using 
 puppet :
 
 - ensure = present
 - fix pkg repositories   :/
 - ???
 
 
 Thanks a lot 
 
 
  François
 
  
 
 
 
 
 
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

Author of Instant Puppet 3 Starter: 
http://www.netconsonance.com/instant-puppet-3-starter-book/



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/30F8BCC6-5975-47C2-A574-2C54B67C5E71%40netconsonance.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] register question

On Oct 31, 2013, at 5:55 AM, Dan White y...@comcast.net wrote:
 --waitforcert
 This option only matters for daemons that do not yet have certificates and it 
 is enabled by default, with a value of 120 (seconds). This causes 'puppet 
 agent' to connect to the server every 2 minutes and ask it to sign a 
 certificate request. This is useful for the initial setup of a puppet client. 
 You can turn off waiting for certificates by specifying a time of 0.

Every build of puppet I've ever used over the years doesn't have a default for 
waitforcert. I never specify the option because I want it to fail immediately, 
and it does ;-)

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

Author of Instant Puppet 3 Starter: 
http://www.netconsonance.com/instant-puppet-3-starter-book/



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/91A34899-2E14-4659-BB0D-BF8F0E4CFC8F%40netconsonance.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] moving to ENC - how to get all current classes and params

$statedir/classes.txt and related files?

On Oct 30, 2013, at 12:21 PM, Jeff Behl jb...@logicmonitor.com wrote:
I'm looking to use an external node classifier (ENC) in our environment.
What's the easiest way to programmatically get currently applied classes (and
class parameters) for all hosts, with the goal of dumping it into a database
for later retrieval by the ENC script? Nodes are currently classified via
site.pp.

thanks

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/6d0da08e-9ae3-4d1e-a362-701340e51192%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

Author of Instant Puppet 3 Starter:
http://www.netconsonance.com/instant-puppet-3-starter-book/

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/346057AB-665A-4090-9FE0-0C06FD914B10%40netconsonance.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] register question

Use --environment nonexistent or --tags nothingmatchesme :)

On Oct 30, 2013, at 1:44 PM, Paras pradhan pradhanpa...@gmail.com wrote: 
 When I register to master using:  puppet agent --server puppetmaster 
 --waitforcert 60 --test , it does register but also runs: puppet agent -t 
 internally. I *only* need to register to master.  is it possibie?
 
 
 
 Thanks
 
 Paras.
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/puppet-users/aacf59f5-a1de-48c9-a87b-16c17daab716%40googlegroups.com.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

Author of Instant Puppet 3 Starter: 
http://www.netconsonance.com/instant-puppet-3-starter-book/



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8680D630-8742-422E-83C5-A0AFDDC3BBE3%40netconsonance.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Technical Reviewers Needed

2013-05-10 Thread Jo Rhett

If any of you are interested, you can submit to receive a free copy of the 
(published) book in exchange for posting a review. Details are available at

http://www.netconsonance.com/2013/05/another-chance-for-people-who-could-not-win-the-free-e-copies/

On Nov 26, 2012, at 6:32 AM, joan...@packtpub.com wrote:
 I am searching for a number of technical reviewers for a Puppet
 Beginner's Guide that is currently in production. You need to have
 good technical knowledge, and be able to spare a few hours every
 couple of weeks to review the chapters. Please get in touch if you're
 interested!

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

Author of Instant Puppet 3 Starter: 
http://www.netconsonance.com/instant-puppet-3-starter-book/

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] SSL config in puppet.conf in v3.0x

2013-02-13 Thread Jo Rhett

[master] has been used for a while now. At least 2.6 up.

On Feb 13, 2013, at 12:52 PM, vioilly wrote:

 Hi,
 
 Does this still apply in puppet 3.0.2 in the puppet.conf file on the puppet 
 master?
 
 [puppetmasterd]
 
 ssl_client_header = SSL_CLIENT_S_DN
 
 ssl_client_verify_header = SSL_CLIENT_VERIFY
 
 
 
 If yes, is puppetmasterd correct or should it be something else, like [main] 
 or [master]?
 
 Cheers,
 Oli
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users?hl=en.
 For more options, visit https://groups.google.com/groups/opt_out.
  
  

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Alternatives to a dynamic scope lookup

2013-02-11 Thread Jo Rhett

From the snippet you posted, I don't see why you can't pass $var1 into the 
define. No magic, just straightforward variable passing, right?

On Feb 11, 2013, at 9:31 AM, Roman Shaposhnik wrote:
 now that dynamic scope lookup is going away, I'm looking
 for a good alternative for the following use case: suppose
 I have a set of classes that all set up a pretty rich internal
 state with quite a few variables defined in their namespace.
 On top of that all of them need to do a common set of steps.
 
 Previously I'd capture that set of steps into a custom define
 that would server a purpose of a macro:
 
 define this_is_really_a_macro {
  notify { $var1 ... $varN: }
 }
 
 and then 'expand' that macro inside of each of the classes
 
  class foo {
  $var1 = ...
  
  this_is_really_a_macro { macro 1: }
  }
  
 
 Then, because of the dynamic scope lookup everything would
 work just fine.
 
 Question: what's the recommended way of migrating to
 Puppet 3.X+ world here?
 
 Thanks,
 Roman.
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users?hl=en.
 For more options, visit https://groups.google.com/groups/opt_out.
 
 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Certificate verify fails without indications

2013-02-11 Thread Jo Rhett

Sounds like your puppet master isn't signing the cert with the name that the 
agent is connecting with?

All cert problems are either time sync or certificate name issues. So it's one 
of those two.

On Feb 11, 2013, at 9:35 AM, Luigi Martin Petrella wrote:
 I have a puppet master on Centos 6.3 connected and working properly with 
 other Centos 6.3 agent. I installed puppet agent via gems on a RED HAT 4 
 node. This is what happens when I try to sign certificate for the new node: 
 
 AGENT 
 
 [root@FP2 ~]$ puppet agent -t Info: Creating a new SSL key for fp2 Info: 
 Caching certificate for ca Info: Creating a new SSL certificate request for 
 fp2 Info: Certificate Request fingerprint (SHA1): 
 35:51:A0:12:CF:2E:F7:73:22:C3:5E:51:DC:03:AF:4C:FC:54:5C:10 Exiting; no 
 certificate found and waitforcert is disabled
 
 MASTER 
 
 [root@puppet centos]# puppet cert list fp2 (SHA1) 
 35:51:A0:12:CF:2E:F7:73:22:C3:5E:51:DC:03:AF:4C:FC:54:5C:10 [root@puppet 
 centos]# puppet cert sign fp2 Notice: Signed certificate request for fp2 
 Notice: Removing file Puppet::SSL::CertificateRequest fp2 at 
 '/var/lib/puppet/ssl/ca/requests/fp2.pem'
 
 AGENT 
 
 [root@FP2 ~]$ puppet agent -t Info: Caching certificate for fp2 Warning: 
 Unable to fetch my node definition, but the agent run will continue: Warning: 
 SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: 
 certificate verify failed: [certificate signature failure for /CN=Puppet CA: 
 master] Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to 
 generate additional resources using 'eval_generate: SSL_connect returned=1 
 errno=0 state=SSLv3 read server certificate B: certificate verify failed: 
 [certificate signature failure for /CN=Puppet CA: master] Error: 
 /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 
 errno=0 state=SSLv3 read server certificate B: certificate verify failed: 
 [certificate signature failure for /CN=Puppet CA: master] Could not retrieve 
 file metadata for puppet://puppet/plugins: SSL_connect returned=1 errno=0 
 state=SSLv3 read server certificate B: certificate verify failed: 
 [certificate signature failure for /CN=Puppet CA: master] Error: Could not 
 retrieve catalog from remote server: SSL_connect returned=1 errno=0 
 state=SSLv3 read server certificate B: certificate verify failed: 
 [certificate signature failure for /CN=Puppet CA: master] Warning: Not using 
 cache on failed catalog Error: Could not retrieve catalog; skipping run 
 Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read 
 server certificate B: certificate verify failed: [certificate signature 
 failure for /CN=Puppet CA: master]
 
 I tryied several times to clear certificare on master and agent but I have 
 always the same result. To help to understand and debug the issue, here are 
 some other informations: 
 
 – clocks are syncronized on server and agent 
 
 -I installed puppet agent on Red Hat 4 node using the following procedure: 
 
 Install ruby
 
 a. wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz 
 
 b. tar -xzvf ruby-1.8.7.tar.gz
 
 c. cd ruby-1.8.7 
 
 d. ./configure
 
 e. make
 
 f. make install 
 
 Install rubygems 
 
 a. wget http://rubyforge.org/frs/download.php/70696/rubygems-1.3.7.tgz 
 
 b. tar xvzf rubygem.tgz 
 
 c. cd rubygem 
 
 d. ruby setup.rb 
 
 Install library openssl-devel (needed to instal openssl support for ruby, 
 otherwise nothing works) 
 
 a. wget 
 ftp://ftp.pbone.net/mirror/ftp.wesmo.com/pub/redhat/i386/openssl-devel-0.9.7-1.i386.rpm
  
 
 b. rpm –i openssl-devel-0.9.7-1.i386.rpm (Note: 0.9.7 is the most updated 
 version of openssl library that can be installed on red hat 4)
 
 Install openssl support for ruby
 
 a. cd /${ruby_src}/ext/openssl 
 
 b. ruby extconf.rb 
 
 c. make
 
 d. make install
 
 a. Gem install puppet
 
 puppet.conf is the same on working and non-working agent
 I’m afraid this problem is related to openssl… rpm -qa | grep openssl: 
 
 On Centos (master and working nodes) 
 
 openssl-devel-1.0.0-25.el6_3.1.i686 openssl-1.0.0-25.el6_3.1.i686 
 
 on Red Hat 4 agent:
 
 openssl-0.9.7a-43.17.el4_6.1 openssl-devel-0.9.7-1
 
 Hope someone could help..
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users?hl=en.
 For more options, visit https://groups.google.com/groups/opt_out.
  
  

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post

[Puppet Users] Re: warnings for those shifting from puppet kick to mcollective

On Feb 8, 2013, at 10:44 AM, Jo Rhett wrote:
 2. No classes file. http://projects.puppetlabs.com/issues/show/7917

This was actually operator error on my part. Not an issue.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] warnings for those shifting from puppet kick to mcollective

So PL has been telling us that puppet kick is dead, and to shift to mcollective 
agent. The idea of getting away from 800mb puppet agents has a lot of appeal. 
Here's some advisories and bugs to watch before you make the shift. If you are 
preparing to make the shift, you may want to go to these bugs and vote for 
them, since you'll be a lot happier when they are fixed.

1. You can't control puppet daemon without killing puppet mid-run 
http://projects.puppetlabs.com/issues/19153

So when you shift away from puppet daemon to cron-run puppet you're going to 
say Hey! I know how to do this!

  service { 'puppet':
  ensure  = stopped,
  enable  = false,
  require = File['/etc/cron.d/puppet','/etc/puppet/puppet.conf'],
  }

Well, not so fast. On CentOS, it turns out that puppet agent --test works 
fine, but puppet agent --onetime is caught by this and killed by itself 
mid-run. Depending on the host and your dependency trees, this could be very 
early or very late in the run. No kidding, you have to deploy 'monit' or 
something similar to ensure your puppet agents aren't running in daemon mode.

2. No classes file. http://projects.puppetlabs.com/issues/show/7917

Mcollective agent for puppet gives you some really nice features, like being 
able to do things against hosts on which certain puppet classes are applied. 
For instance, to update all webservers you might do something like:
$ mco puppet agent runonce --batch 5 --with-class webserver

Unfortunately, once you shift away from puppet agent, puppet no longer writes 
out the classes.txt file. So this method of filtering your mco commands isn't 
available.

3. There's no documented best way to run puppet from cron.

I suspect PL hasn't put down a recipe for this since Puppet Commander hasn't 
been updated to work with Puppet 3 yet. That's probably the answer, but it's 
not available yet. This might be a good reason to wait.

We settled on the many-year-old version of running it from cron with 
fqdn_rand(30). Given the numerous problems with the cron resource, we did this 
in a separate cron.d file like so:

 # two variables to control puppet run time
$first_minute  = fqdn_rand(30)
$second_minute = $first_minute + 30
file { /etc/cron.d/puppet:
owner   = root,
group   = root,
mode= 0444,
content = template('puppet/cron-puppet'),
require = Package['puppet'],
}

There might be a better way, but I couldn't find it. I'd really like to see a 
best practice recommendation from PuppetLabs.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet broken in upgrade from 3.0.1 to 3.1.0

On Feb 7, 2013, at 5:50 AM, Dominic Cleal wrote:
 Sorta puzzles me. Why would this mismatched agent certificate on
 puppetmaster interfered with other puppet agent runs?
 
 The same certificate that is used for the agent on the master server is
 also used for the master process itself (inbound connections).


Only if you let your puppet server use the host it's running on FQDN, which I 
devoutly disagree with in practice. Best to keep them separate by putting a 
hardcoded certname in the [master] section to avoid these kinds of problems.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Applying a resource only if not within a schedule

You could make a notify that also receives the same trigger with an opposite 
schedule.

On Feb 7, 2013, at 2:40 PM, ad wrote:
 I have a custom resource type that upgrades a MSI and kicks off a reboot. It 
 uses a schedule parameter (configurable through an  ENC) so we can control 
 when the node is allowed to reboot. I'd like to add a notify (or call warn()) 
 if not within the schedule, e.g. Skipping ensure version of MSI x, not 
 within allowed schedule.
 
 Any easy way to do this? If not any tips on getting started with a custom 
 function are appreciated.
 
 Adam
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users?hl=en.
 For more options, visit https://groups.google.com/groups/opt_out.
  
  

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet dashboard stuck pending jobs

Make sure that your dashboard workers are running. If you are using CentOS then 
service puppet-dashboard-workers status will tell you.

On Feb 8, 2013, at 1:53 PM, Jagga Soorma wrote:
 I am a new puppet user and wanted some type of monitoring for puppet so 
 deployed puppet-dashboard.  It has been working very well for a few days not, 
 but all of a sudden I start getting pending tasks and they never finish even 
 after restarting all processes.  They keep accumulating and never seem to 
 finish even though the clients are running fine.  I have the puppet-dashboard 
 running on a different server than my puppetmaster.  Is there any way to 
 troubleshoot what seems to be stuck and how to I get it going without having 
 to destroy the dashboard mysql db and recreating it again?  That is the only 
 way I have got it working again but that is not the correct way of doing this 
 :)  Any help would be appreciated.
 
 Thanks!
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users?hl=en.
 For more options, visit https://groups.google.com/groups/opt_out.
  
  

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Certificate nightmares

I suspect your clients are talking to a different puppetmaster than you think 
they are.  Test with an explicit --server and see if it changes. tcpdump is 
your friend.

On Feb 6, 2013, at 7:44 AM, Bret Wortman wrote:
 I think I really hosed my certificates somehow this morning trying to get 
 PuppetDB and Puppet talking again -- here's where I stand.
 
 My Puppet master and PuppetDB are again talking, or at least, aren't 
 complaining about communication.
 
 From my puppet master, I can run puppet agent -t, and it runs just fine.
 
 From any other node on which puppet had been running, I get this:
 
 # puppet agent -t
 Error: Could not request certificate: Connection refused - connect(2)
 Exiting; failed to retrieve certificate and waitforcert is disabled
 #
 
 Now, I have auto-signing enabled (my systems are on a private network) and 
 when I go to my master:
 
 # puppet cert list
 #
 
 There's nothing. Nothing in the logs. No one is talking to my puppetmaster 
 this morning.
 
 I *did* delete a bunch of certs in my flailing attempts to get puppet  
 puppetdb talking and suspect that may be the cause; but how can I get my 
 remote agents talking to the puppet master again?
 
 Thanks.
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users?hl=en.
 For more options, visit https://groups.google.com/groups/opt_out.
  
  

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] dashboard permission issue

2013-02-06 Thread Jo Rhett

It would help to indicate the operating system and such. If you are using
linux, I'm very surprised that the user and group weren't set up right.

This is clearly a right problems. Frankly I would remove and reinstall. It
sounds like you are floundering, and you've probably made changes you aren't
mentioning here. The default permissions are good if you always run as
puppet-dashboard.

On Feb 5, 2013, at 1:15 AM, sgd.eriks...@gmail.com wrote:
I'm having trouble getting puppet dashboard (1.2.21) to run on apache.

i installed puppetmaster-passenger and puppet-dashboard package. It didn't
create user puppet-dashboard automatically as stated in the installation
guide,
so i created one manually and chowned all files under /puppet-dashboard. when
testing with webrick everything works fine (as root).
when i try with other users this is what happens:

root@puppetmaster:/usr/share/puppet-dashboard/script# sudo -u
puppet-dashboard ./server -e production
= Booting WEBrick
= Rails 2.3.14 application starting on http://0.0.0.0:3000
./../config/../vendor/rails/railties/lib/initializer.rb:926:in `read':
Permission denied - /usr/share/puppet-dashboard/config/database.yml
(Errno::EACCES)
from ./../config/../vendor/rails/railties/lib/initializer.rb:926:in
`database_configuration'
from ./../config/../vendor/rails/railties/lib/initializer.rb:437:in
`initialize_database'
from ./../config/../vendor/rails/railties/lib/initializer.rb:141:in
`process'
from ./../config/../vendor/rails/railties/lib/initializer.rb:113:in
`send'
from ./../config/../vendor/rails/railties/lib/initializer.rb:113:in
`run'
from /usr/share/puppet-dashboard/config/environment.rb:14
from /usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in
`gem_original_require'
from /usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `require'
from
/usr/share/puppet-dashboard/vendor/rails/activesupport/lib/active_support/dependencies.rb:182:in
`require'
from
/usr/share/puppet-dashboard/vendor/rails/activesupport/lib/active_support/dependencies.rb:547:in
`new_constants_in'
from
/usr/share/puppet-dashboard/vendor/rails/activesupport/lib/active_support/dependencies.rb:182:in
`require'
from
/usr/share/puppet-dashboard/vendor/rails/railties/lib/commands/server.rb:84
from /usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in
`gem_original_require'
from /usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `require'
from ./server:3

When running with apache, passneger gives the same error:
Permission denied - /usr/share/puppet-dashboard/config/database.yml
Application root: /usr/share/puppet-dashboard

I tried changing ownerships, giving 777 rights on files etc..
First run with webrick might have been as root. Could this be an issue? If
so, is it fixable or am i due for a reinstallation?

Thanks a million for any help on this!!

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Dashboard/Site.pp interfunctionality

2013-01-11 Thread Jo Rhett

Really quick answer: there's no interaction between Dashboard and Site.pp that 
I'm aware of.  Think of the Dashboard as a place to visually display puppet 
reports.

This is functionality where you can define things in the Dashboard and use that 
as an ENC in your puppet manifests. So Site.pp could learn from Dashboard, but 
there's no way for Site.pp to inform the Dashboard.  If you really want it to 
show up there, then you need to define it all in the Dashboard and then 
reconfigure Puppet to use the Dashboard as an ENC.

Google: puppet dashboard ENC

Post-Note: keep in mind that PuppetLabs has deprecated the Dashboard and won't 
be doing any future development, so this may not be a good investment of your 
time.

On Jan 11, 2013, at 8:04 AM, Art wrote:
 I have a few questions on how the Dashboard and site.pp file work together 
 and would appreciate any help that could be given.  First a little about my 
 setup.  I am using the Learning Puppet VM provided by the Puppet Labs 
 website.  I have copied it 3 times to create a configuration of 1 master and 
 2 agents. The master and agents all show up in the Dashboard and I can get 
 responses from them using the Live Management tools on the Dashboard as well 
 as using the command line tools.  I have created some basic modules following 
 various examples in books and the Puppet website.  Now for the questions:
 
 1. Currently modules I have created and assigned to nodes using the site.pp 
 file are not shown on the Dashboard.  Is this normal or should the Dashboard 
 be picking them up?
 2. Modules I assign to nodes though the Dashboard do not show up in the 
 site.pp file. Is this normal?  Where does the Dashboard save assigned 
 modules, if not in the site.pp file?
 3. Which system takes precedence?  Does the site.pp file override what is on 
 the Dashboard?  Does the Dashboard override the site.pp file?  Do they work 
 in conjunction or does only the Dashboard apply when Puppet is run through 
 the Dashboard and the site.pp apply then Puppet is run thought the command 
 line.
 
 Any help in understanding this will be greatly appreciated.
 
 Thanks
 
 Art
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/NJBpUPiGh8AJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] MAJOR BUG: package requirements are ignored when schedules are used.

If you setup a schedule such that packages are only installed certain hours of 
the day, well, that part works. They won't install until that time. However, if 
you have a policy that depends on the package being installed, if it is NOT 
installed due to the schedule, it satisfies the Require and everything else 
happens. I'm going to call this misfeature: No package? No Problem! :(

Example: with this example, if you apply the policy after 8pm (if you are using 
UTC like we are, that's noon PST) then it will actually install the 
configuration files and attempt to start the service. This is clearly a bug. 
Given some multi-application interactions, this could cause a major service 
outage. (I didn't find this with snmp but instead with some inhouse system 
components.  I replicated it with this config before reporting it)

I observed this on 2.7.19 but checking the sources it appears likely to be a 
problem with 3.0 as well.

site.pp:
  # Schedule in the early part of the working day (not peak)
  schedule { 'early-day':
  range   = '17 - 20',
  period  = daily,
  periodmatch = number,
  }
  Package {
  schedule = 'early-day',
  }
  node default {
  class { snmpd: }
  }

class snmpd {
package { 'net-snmp':
ensure = present,
alias  = 'snmpd',
}
package { 'net-snmp-perl':
ensure  = present,
require = Package['net-snmp'],
}
file { /etc/sysconfig/snmpd:
owner   = root,
group   = root,
mode= 0755,
source  = 'puppet:///modules/snmpd/snmpd.sysconfig',
require = Package['net-snmp'],
notify  = Service['snmpd'],
}
file { '/etc/snmp/snmpd.conf':
ensure  = file,
owner   = root,
group   = root,
mode= 0755,
content = template('snmpd/snmpd.conf'),
require = Package['net-snmp'],
notify  = Service['snmpd'],
}
service { 'snmpd':
ensure  = running,
enable  = true,
require = Package['net-snmp','net-snmp-perl'],
}
}

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] MAJOR BUG: package requirements are ignored when schedules are used.

Note that a workaround is to override the schedule for each package that is 
depended on this way, but that prevents application of ensure = latest.  
Which brings up a really good point. What if I want to install software at any 
hour, but only update the same software during certain hours?  The current 
Package resource doesn't seem capable of this, especially since There Can Be 
Only One :(

On Nov 8, 2012, at 2:42 PM, Jo Rhett wrote:
 If you setup a schedule such that packages are only installed certain hours 
 of the day, well, that part works. They won't install until that time. 
 However, if you have a policy that depends on the package being installed, if 
 it is NOT installed due to the schedule, it satisfies the Require and 
 everything else happens. I'm going to call this misfeature: No package? No 
 Problem! :(
 
 Example: with this example, if you apply the policy after 8pm (if you are 
 using UTC like we are, that's noon PST) then it will actually install the 
 configuration files and attempt to start the service. This is clearly a bug. 
 Given some multi-application interactions, this could cause a major service 
 outage. (I didn't find this with snmp but instead with some inhouse system 
 components.  I replicated it with this config before reporting it)
 
 I observed this on 2.7.19 but checking the sources it appears likely to be a 
 problem with 3.0 as well.
 
 site.pp:
  # Schedule in the early part of the working day (not peak)
  schedule { 'early-day':
  range   = '17 - 20',
  period  = daily,
  periodmatch = number,
  }
  Package {
  schedule = 'early-day',
  }
  node default {
  class { snmpd: }
  }
 
 class snmpd {
package { 'net-snmp':
ensure = present,
alias  = 'snmpd',
}
package { 'net-snmp-perl':
ensure  = present,
require = Package['net-snmp'],
}
file { /etc/sysconfig/snmpd:
owner   = root,
group   = root,
mode= 0755,
source  = 'puppet:///modules/snmpd/snmpd.sysconfig',
require = Package['net-snmp'],
notify  = Service['snmpd'],
}
file { '/etc/snmp/snmpd.conf':
ensure  = file,
owner   = root,
group   = root,
mode= 0755,
content = template('snmpd/snmpd.conf'),
require = Package['net-snmp'],
notify  = Service['snmpd'],
}
service { 'snmpd':
ensure  = running,
enable  = true,
require = Package['net-snmp','net-snmp-perl'],
}
 }
 
 -- 
 Jo Rhett
 Net Consonance : net philanthropy to improve open source and internet 
 projects.
 
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] MAJOR BUG: package requirements are ignored when schedules are used.

This is now https://projects.puppetlabs.com/issues/17507

On Nov 8, 2012, at 2:42 PM, Jo Rhett wrote:
 If you setup a schedule such that packages are only installed certain hours 
 of the day, well, that part works. They won't install until that time. 
 However, if you have a policy that depends on the package being installed, if 
 it is NOT installed due to the schedule, it satisfies the Require and 
 everything else happens. I'm going to call this misfeature: No package? No 
 Problem! :(
 
 Example: with this example, if you apply the policy after 8pm (if you are 
 using UTC like we are, that's noon PST) then it will actually install the 
 configuration files and attempt to start the service. This is clearly a bug. 
 Given some multi-application interactions, this could cause a major service 
 outage. (I didn't find this with snmp but instead with some inhouse system 
 components.  I replicated it with this config before reporting it)
 
 I observed this on 2.7.19 but checking the sources it appears likely to be a 
 problem with 3.0 as well.
 
 site.pp:
  # Schedule in the early part of the working day (not peak)
  schedule { 'early-day':
  range   = '17 - 20',
  period  = daily,
  periodmatch = number,
  }
  Package {
  schedule = 'early-day',
  }
  node default {
  class { snmpd: }
  }
 
 class snmpd {
package { 'net-snmp':
ensure = present,
alias  = 'snmpd',
}
package { 'net-snmp-perl':
ensure  = present,
require = Package['net-snmp'],
}
file { /etc/sysconfig/snmpd:
owner   = root,
group   = root,
mode= 0755,
source  = 'puppet:///modules/snmpd/snmpd.sysconfig',
require = Package['net-snmp'],
notify  = Service['snmpd'],
}
file { '/etc/snmp/snmpd.conf':
ensure  = file,
owner   = root,
group   = root,
mode= 0755,
content = template('snmpd/snmpd.conf'),
require = Package['net-snmp'],
notify  = Service['snmpd'],
}
service { 'snmpd':
ensure  = running,
enable  = true,
require = Package['net-snmp','net-snmp-perl'],
}
 }
 
 -- 
 Jo Rhett
 Net Consonance : net philanthropy to improve open source and internet 
 projects.
 
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] MAJOR BUG: package requirements are ignored when schedules are used.

 This is now https://projects.puppetlabs.com/issues/17507

On Nov 8, 2012, at 2:55 PM, R.I.Pienaar wrote:
 also see http://projects.puppetlabs.com/issues/5286 I think the
 hard part here is figuring out what is right behaviour


I don't think either situation is hard to determine what the expected behavior 
should be. I updated 5286 with some thoughts.

For package installs, either one of the following behaviors is 
correct/intuitive. I prefer the first one:

1. Check if the package is installed. If it is installed and has a schedule, 
don't check the version for update or removal. If it isn't installed and should 
be, install it outside of the schedule.

*OR*

2. Do not run things which fail dependency on a package which is not installed.

But running a bunch of commands and trying to start services when their 
dependancies are not installed is madness, and likely to really hurt someone in 
the wrong situations.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] I need a schedule for any time/every time.

I'd like to set a resource to have the normal schedule, ie every time we 
run.  The type has a default of a more restricted schedule.  Looking at the 
type reference, there isn't a built-in schedule for normal is there?

Do I need to do something like this?  Please tell me that there's some better 
way to override a schedule applied as a default for the type.

schedule Anytime {
  period = hourly,
  periodmatch = number,
  repeat = 1000,
}

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] error message with puppet

Check what the server has logged. It's probably an auth problem in 
fileserver.conf

On Nov 7, 2012, at 9:37 AM, bobby38 wrote:

 I have created a new folders and i am trying to source to files inside this 
 new directory
 when i check inside puppet master server i can see my new folder with correct 
 permission and the files also
 my source is as following:
 
 source = puppet:///backup/files/foo,
 
 then i am getting this error message
 
 Error: 
 /Stage[main]/Backup::Mongo/File[/pipe/tools/pipeline/bin/backup-mongodb.rb]: 
 Could not evaluate: Could not retrieve information from environment  
 source(s) puppet:///backup/files/backup-mongodb.erb
 
 any suggestion?
 Thanks
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/u5JOGUO9qHAJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: [Puppet-dev] Announce: Hiera 1.1.1 Available

2012-10-31 Thread Jo Rhett

On Oct 31, 2012, at 5:21 PM, Matthaus Owens wrote:

 Hiera 1.1.1 is a release candidate in the 1.x branch with bug fixes.


RC or final?

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Change Tab behavior in 3.0+

2012-10-22 Thread Jo Rhett

On Oct 15, 2012, at 2:23 PM, Matt Zagrabelny wrote:
 There are a truckload of reasons to not use them.


No, there is only one reason: force everybody on the project to use the 
indentation you prefer.

Every editor and command line tool allows for personalized tab adjustments. 
Logic based on how editors worked in v7 unix isn't relevant now. 
Linux/FreeBSD/Solaris/etc have never had any problem supporting flexible 
spacing arrangements. The logic named in those posts is only relevant if you 
are using 30 years old operating systems that can't run Puppet nor Eclipse 
anyway.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Dashboard won't install MySQL schema

2012-10-11 Thread Jo Rhett

I suspect you have an incorrect environment variable somewhere: you have lib 
being a subdirectory of lib, and there's no directory delayed.  That's the 
problem. The path to that library is actually 
~puppet-dashboard/vendor/rails/railties/lib/tasks/rails.rb

I am using the exact same environment you listed, exact same versions from RPMs 
as you listed. No problems.

Are you certain you don't have local gems installed as well which are confusing 
the issue?

On Oct 11, 2012, at 1:13 PM, Tim Gendorf wrote:
 I have been working on this issue for almost 5 days
 and can not get 
 past this error.
 
 Puppet Dashboard is installed via RPM from puppetlabs.  
 I have tried versions
 1.2.12, 1.2.9 and am currently on 1.2.1.
 
 Regardless of the version, I get the same exact error
 every time I run rake RAILS_ENV=production db:migrate.
 
 (in /usr/share/puppet-dashboard)
 rake aborted!
 no such file to load -- /usr/share/puppet-dashboard/lib/
 lib/delayed/tasks
 /usr/share/puppet-dashboard/Rakefile:11
 (See full trace by running task with --trace)
 
 
 Line 11 of the Rakefile says require 'tasks/rails'
 
 Here is the trace:
 
 (in /usr/share/puppet-dashboard)
 rake aborted!
 no such file to load -- /usr/share/puppet-dashboard/
 lib/lib/delayed/tasks
 /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:
 31:in `gem_original_require'
 /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:
 31:in`require'
 /usr/share/puppet-dashboard/vendor/rails/activesupport/
 lib/active_support/dependencies.rb:182:in
 `require'
 /usr/share/puppet-dashboard/vendor/rails/activesupport/
 lib/active_support/dependencies.rb:547:in
 `new_constants_in'
 /usr/share/puppet-dashboard/vendor/rails/activesupport/
 lib/active_support/dependencies.rb:182:in
 `require'
 /usr/share/puppet-dashboard/lib/tasks/jobs.rake:1
 /usr/share/puppet-dashboard/vendor/rails/activesupport/
 lib/active_support/dependencies.rb:171:in
 `load_without_new_constant_marking'
 /usr/share/puppet-dashboard/vendor/rails/activesupport/
 lib/active_support/dependencies.rb:171:in
 `load'
 /usr/share/puppet-dashboard/vendor/rails/activesupport/
 lib/active_support/dependencies.rb:547:in
 `new_constants_in'
 /usr/share/puppet-dashboard/vendor/rails/activesupport/
 lib/active_support/dependencies.rb:171:in
 `load'
 /usr/share/puppet-dashboard/vendor/rails/railties/lib/
 tasks/rails.rb:14
 /usr/share/puppet-dashboard/vendor/rails/railties/lib/
 tasks/rails.rb:14:in `each'
 /usr/share/puppet-dashboard/vendor/rails/railties/lib/
 tasks/rails.rb:14
 /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:
 31:in `gem_original_require'
 /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:
 31:in`require'
 /usr/share/puppet-dashboard/Rakefile:11
 /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2382:
 in`load'
 /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2382:
 in`raw_load_rakefile'
 /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2016:
 in`load_rakefile'
 /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2067:
 in`standard_exception_handling'
 /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2015:
 in`load_rakefile'
 /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:1999:
 in`run'
 /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2067:
 in`standard_exception_handling'
 /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:1997:
 in`run'
 /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/bin/rake:31
 /usr/bin/rake:19:in `load'
 /usr/bin/rake:19
 
 
 I am running the following versions:
 
 Centos 6.3 x86_64 (Fresh Install)
 ruby 1.8.7
 rubygems 1.3.7
 rake 0.8.7
 rack 1.1.0
 mysql-server 5.1.61
 
 
 I have read through several blogs and web pages
 on installation issues and can
 not find an answer as to how to get past this error.
 
 Any help or suggestions would be great.
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client not listening on port 8139

2012-10-10 Thread Jo Rhett


On Oct 9, 2012, at 11:35 PM, Pondy wrote:
 Please help, I have built a new server and installed puppet (2.6.17) running 
 on RHEL 6.3. It seems that it is not listening on port 8139.
...
 It seems as though the puppet is running:
  4074 ?Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd 
 --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log

That's the puppet client. You want to start the puppetmaster with service 
puppetmaster start to get the server. 

As per the other replier, default port is 8140 unless you've changed it in the 
config.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: [Puppet-dev] The Future of Puppet Dashboard

2012-10-10 Thread Jo Rhett

/nigelkersten
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Developers group.
 To post to this group, send email to puppet-...@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-dev+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-dev?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet caught TERM; calling stop - error

2012-10-10 Thread Jo Rhett

On Oct 10, 2012, at 11:37 AM, Will S. G. wrote:
 However, there is still that pesky Caught TERM; calling stop error, which 
 seems to be related to the recent kernel upgrade. Any thoughts? 

Look for resources which would notify = Service['puppet']. Run puppet with 
--debug and you'll see what resource triggered it.

(or whatever service is restarting, if its not puppet)

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] RHEL 5: Stuck on Puppet 2.7

2012-10-09 Thread Jo Rhett

Dude, seriously. Install Ruby, then build the passenger RPMs. It just works.

No, you can't use passenger between the time you update Ruby and before you 
update Passenger. You are updating interlocked dependancies. Install them both 
at once.

On Oct 8, 2012, at 2:44 PM, Dan White wrote:
 I think you miss the point.
 I do not need to hand-build Ruby -- it is available from the puppetlabs-deps 
 repo
 
 It is a chicken-egg dilemma with Ruby and Passenger.
 
 Passenger depends on the installed version of Ruby.
 Trying to update Ruby causes a dependency error from Passenger.
 
 I tried re-building Passenger from SRPM, but ran into problems.
 
 It would be nice if the maintainer of the Passenger RPM's would surface and 
 help out, but ...?
 
 If I force Ruby to update to 1.8.7.x, will yum continue to complain about a 
 dependency problem with Passenger or will it re-examine the system and see 
 the currently installed version ?
 
 On Oct 8, 2012, at 3:13 PM, Jo Rhett wrote:
 
 Actually, it's not specified in the source RPM. And just recompiling the 
 source RPM solves the problem. I ran into the same thing, just grabbed the 
 
 On Oct 6, 2012, at 3:39 PM, Dan White wrote:
 Actually, it is.
 
 https://github.com/erikogan/passenger/blob/master/rpm/passenger.spec
 
 ruby_version_patch -- lines 55-67, line 86, and line 238
 
 It looks for the version that is already installed.
 
 Saying use the current version generally means not specified ;-)  
 Especially when I was responding to your query about what to fix.
 
 So how do I update ruby ?
 
 https://groups.google.com/d/msg/puppet-users/CQTHj9nIYCw/b2Cr7-BxAwkJ
 
 I am trying to be helpful, but all of this is very google-able.
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 3.0, Passenger not starting

2012-10-09 Thread Jo Rhett

On Oct 9, 2012, at 12:04 PM, Worker Bee wrote:
 However, when I start httpd manually, passenger starts.  When I start 
 puppetmaster, it does not start httpd and is still using WebBrick…  
 I am stumped and not really even sure where to begin troubleshooting.

Yes, puppetmaster service is webrick. You should disable puppetmaster service 
and enable httpd service. Your puppetmaster is now a passenger service within 
your apache instance.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] RHEL 5: Stuck on Puppet 2.7

2012-10-08 Thread Jo Rhett

 Actually, it's not specified in the source RPM. And just recompiling the 
 source RPM solves the problem. I ran into the same thing, just grabbed the 

On Oct 6, 2012, at 3:39 PM, Dan White wrote:
 Actually, it is.
 
 https://github.com/erikogan/passenger/blob/master/rpm/passenger.spec
 
 ruby_version_patch -- lines 55-67, line 86, and line 238
 
 It looks for the version that is already installed.

Saying use the current version generally means not specified ;-)  
Especially when I was responding to your query about what to fix.

 So how do I update ruby ?

https://groups.google.com/d/msg/puppet-users/CQTHj9nIYCw/b2Cr7-BxAwkJ

I am trying to be helpful, but all of this is very google-able.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Purge puppet's reports

2012-10-08 Thread Jo Rhett

 On Thursday, July 21, 2011 8:50:32 AM UTC-5, vagn wrote:
  find $d -type f -name \*.yaml -mtime $days |
  sort -r |
  tail -n +2 |
  xargs -n50 /bin/rm -f

All this is really better than…?

 find $d -type f -name \*.yaml -mtime $days -exec rm -f {} \;

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Force unmount??

2012-10-08 Thread Jo Rhett


On Oct 8, 2012, at 5:38 AM, timo wrote:
 I need a method of either forcibly umounting the array, or killing all PID's 
 using the mounted directores so Puppet can unmount them. I'd like all this 
 done from Puppet.
 
 Any ideas? 

http://docs.puppetlabs.com/references/latest/type.html#exec

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] RHEL 5: Stuck on Puppet 2.7

On Oct 4, 2012, at 5:56 AM, jcbollinger wrote:
 On Wednesday, October 3, 2012 8:19:59 AM UTC-5, Ygor wrote:
 [...]
 1:rubygem-passenger-native-libs-3.0.12-1.el5.centos_1.8.5.x86_64 from 
 installed has depsolving problems 
   -- Missing Dependency: ruby = 1.8.5 is needed by package 
 1:rubygem-passenger-native-libs-3.0.12-1.el5.centos_1.8.5.x86_64 (installed) 
 Error: Missing Dependency: ruby = 1.8.5 is needed by package 
 1:rubygem-passenger-native-libs-3.0.12-1.el5.centos_1.8.5.x86_64 (installed) 
 
 OK, a bit of Google-ing says that Passenger 3.0.14 was released in July 
 http://blog.phusion.nl/2012/07/22/phusion-passenger-3-0-14-released/#.UGsb6-c547w
  
 
 But the latest RPM on 
 http://passenger.stealthymonkeys.com/rhel/5Server/x86_64/ 
 is rubygem-passenger-native-libs-3.0.12-1.el5.centos_1.8.5.x86_64.rpm -- 
 which is what I currently have. 
 
 Suggestions ?  I sent an email to Erik Ogan, owner of Stealth Monkeys, but 
 have not received a response. 
 
 
 Download the source RPM, modify the requirement to, for example, ruby = 
 1.8.7, increment the release number, and rebuild.  Probably no other changes 
 are needed.


Actually, it's not specified in the source RPM. And just recompiling the source 
RPM solves the problem. I ran into the same thing, just grabbed the SRPMs and 
built them and it worked fine.  Something weird about dependancies encoded in 
the RPM details *shrug*

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet cron job class stamps file with date-time. How?

I would also like to know this. I keep hacking the same text into our 
templates. If there is a tag we could put in a template to get this output I'd 
like to know it.

On Oct 1, 2012, at 12:05 PM, Brian Dunbar wrote:
 New puppet user.  I see that the cron class creates a cronjob with a 
 date-time in the header, which is cool.
 
 # HEADER: This file was autogenerated at Mon Oct 01 11:43:25 -0500 2012 by 
 puppet.
 # HEADER: While it can still be managed manually, it is definitely not 
 recommended.
 
 1. How does it do that? 
 2. I'd like to be able to edit the text, customize it.
 3. More particularly, how can I put a date/time stamp in other managed files? 
  
 
 I tried to do so with a template but that was not working out so well.
 
 Regards,
 
 ~brian
 
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/Wsckx5euwRgJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet cron job class stamps file with date-time. How?

On Oct 4, 2012, at 12:17 PM, Stephen Gran wrote:
 Templates can take more than one source of data, so a trivial way to do this 
 is something like:
 
 content = template('site/header.erb', $template, 'site/footer.erb'),


You know, the inconsistency between source= and content= caught me here. I 
thought that listing multiple templates used the first one found, like source. 
But checking the docs shows that you are right: these would be concatenated.

That said, it doesn't solve the original question about how to include the 
date. If the template generated the date each time, the file would be different 
each time and be overwritten each time, which is probably not desirableable 
especially if a notify or subscribe caused a service to restart.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet cron job class stamps file with date-time. How?

I'm not sure it's that easy. The original question about how to include the 
date would cause some issues.. If the hiera lookup generated the date each 
time, the file would be different each time and be overwritten each time, which 
is probably not desirableable especially if a notify or subscribe caused a 
service to restart.

On Oct 4, 2012, at 12:19 PM, Christopher Wood wrote:
 In this case the text appears to be a hardcode in a couple of providers:
 
 $ grep -r managed\ manually `pwd`
 /usr/lib/ruby/1.8/puppet/provider/parsedfile.rb:# HEADER: by puppet.  While 
 it can still be managed manually, it
 /usr/lib/ruby/1.8/puppet/provider/cron/crontab.rb:# HEADER: While it can 
 still be managed manually, it is definitely not recommended.
 
 But this sounds like a great string for an environment-wide variable (hiera 
 lookup) that all your templates can use.
 
 On Thu, Oct 04, 2012 at 12:08:39PM -0700, Jo Rhett wrote:
   I would also like to know this. I keep hacking the same text into our
   templates. If there is a tag we could put in a template to get this output
   I'd like to know it.
   On Oct 1, 2012, at 12:05 PM, Brian Dunbar wrote:
 
 New puppet user.  I see that the cron class creates a cronjob with a
 date-time in the header, which is cool.
 # HEADER: This file was autogenerated at Mon Oct 01 11:43:25 -0500 2012
 by puppet.
 # HEADER: While it can still be managed manually, it is definitely not
 recommended.
 1. How does it do that? 
 2. I'd like to be able to edit the text, customize it.
 3. More particularly, how can I put a date/time stamp in other managed
 files?  
 I tried to do so with a template but that was not working out so well.
 Regards,
 ~brian
 --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To view this discussion on the web visit
 [1]https://groups.google.com/d/msg/puppet-users/-/Wsckx5euwRgJ.
 To post to this group, send email to [2]puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 [3]puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 [4]http://groups.google.com/group/puppet-users?hl=en.
 
   -- 
   Jo Rhett
   Net Consonance : net philanthropy to improve open source and internet
   projects.
 
   --
   You received this message because you are subscribed to the Google Groups
   Puppet Users group.
   To post to this group, send email to puppet-users@googlegroups.com.
   To unsubscribe from this group, send email to
   puppet-users+unsubscr...@googlegroups.com.
   For more options, visit this group at
   http://groups.google.com/group/puppet-users?hl=en.
 
 References
 
   Visible links
   1. https://groups.google.com/d/msg/puppet-users/-/Wsckx5euwRgJ
   2. mailto:puppet-users@googlegroups.com
   3. mailto:puppet-users+unsubscr...@googlegroups.com
   4. http://groups.google.com/group/puppet-users?hl=en
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: How to prevent puppet clients from updating to version 3?

On Oct 4, 2012, at 12:39 PM, Jeff McCune wrote:
 Either just use installed, or a specific version, and then you can upgrade
 when you are ready to.
 
 Even if you use ensure = installed, newly provisioned nodes will get
 the latest available version at the time Puppet first runs, which will
 cause issues unless you're also running a compatible Puppet master.


We have solved this here by only copying down the RPMs to a local repository 
after they have been tested. We've had too many puppet and facter versions 
cause major problems to take anything without a full testing cycle.

That said, it's a lot of work. I'd love to see the yum/etc resources updated to 
allow for  and = versions.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet/Passenger :: Could not retrieve catalog from remote server:Error 403 on server

2012-10-03 Thread Jo Rhett

On Oct 1, 2012, at 5:00 PM, Lunixer wrote:
 I'll try strace instead of tcpdump, being that this is not a TCP 
 communication problem over the wire but rather a file or directory access 
 problem.


Um, no. Puppet client talks to the server over the network, even on the same 
host. You really should listen to advice we provide. 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet/Passenger :: Could not retrieve catalog from remote server:Error 403 on server

2012-09-28 Thread Jo Rhett

Check the owner of config.ru. The owner of this file is who passenger will run 
the puppetmaster daemon as. I'm guessing that it's not owned by puppet.

On Sep 28, 2012, at 9:36 AM, Lunixer wrote:
 Greetings,
 
 I have a tested, working setup of Puppet and Webrick. I can add nodes, 
 classes, etc.
 Then I switched to Puppet/Passenger and get the error  below.
 Puppet, Apache and Passenger are all up.
 
 I have installed using YUM repos and GEMs. So, I have the most updated 
 packages they have.
 
 Puppet version: 2.7.19
 Ruby version: 1.8.7 (2011-06-30 patchlevel 352 i386)
 Apache: 2.2.15
 
 The error is below.
 I have found little references on the web. Has anyone come across such 
 problem recently?
 
 [root@puppetm01 ~]# puppet agent --test
 err: Could not retrieve catalog from remote server: Error 403 on SERVER: 
 Forbidden request: puppetm01.example.com(xxx.xxx.xxx.xxx) access to 
 /catalog/puppetm01.example.com [find] at line 53
 warning: Not using cache on failed catalog
 err: Could not retrieve catalog; skipping run
 err: Could not send report: Error 403 on SERVER: Forbidden request: 
 puppetm01.example.com(xxx.xxx.xxx.xxx) access to 
 /report/puppetm01.example.com [save] at line 53
 
 Below is the path to the catalog file to which I believe the error points.
 
 [root@puppetm01 ]# find /var/lib/puppet | grep catalog
 ./client_yaml/catalog
 ./client_yaml/catalog/puppetm01.example.com.yaml
 
 Thanks in advance for any pointers.
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/xms_wXhyV2EJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] deleting virtual users

2012-09-27 Thread Jo Rhett


On Sep 26, 2012, at 3:11 PM, Kristof Willaert wrote:
 How do I delete a realized user on a node?
 I was hoping to do something like
 realize(User['ahab']){ensure = absent }
 As this is not working, I wonder how to delete a realized virtual user.
 
 If you use resource collection instead of the realize function, you can
 override the attributes. This should work:
 
 User | title == 'ahab' | { ensure = absent }


I must have overlooked this. I thought that objects couldn't be changed after 
creation without using inheritence?

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppetmaster with mongrel

2012-09-27 Thread Jo Rhett

On Sep 27, 2012, at 3:07 PM, Ignoramus wrote:
 1) Even though i followed instructions on 
 http://projects.puppetlabs.com/projects/1/wiki/Using_Mongrel on using 
 Mongrel, puppetmaster is probably still using webrick since the client 
 connection timeout still occurs. How do i make it use mongrel?

Turn off puppetmaster daemon?  And if that was true, Mongrel should complain 
that the puppetmaster port was in use.

 2) Now after messing a little with /etc/sysconfig/puppetmaster i increased 
 the number of ports to 9 (18140 through 18148). How do I know these are being 
 used as load balancers and 

/etc/sysconfig/puppetmaster would only affect the puppetmaster webrick daemon, 
not puppetmaster as a client of mongrel.

Note: I don't understand what you mean about load balancing across ports. 
There's no such capability in puppetmaster. And if you are running under 
mongrel then all port usage would be defined within mongrel, not within 
puppetmaster's config.


 3) when i do /usr/sbin/puppetmasterd --genconfig  | grep servertype the o/p 
 is # servertype webrick

genconfig doesn't know about anything else. You'd have to run geconfig under 
mongel (not really possible)

 4) when i open /etc/sysconfig/puppetmaster and change the 
 PUPPETMASTER_EXTRA_OPTS=--servertype=mongrel, does it help?

Nope. Again, that file only affects options for the webrick daemon.

And I think the key to all your questions is here:

 also which is the default port for puppetmaster where it accepts all incoming 
 requests from clients?

This is clearly documented in many parts of the documentation. You are reading 
the docs, aren't you?

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] deleting virtual users

2012-09-26 Thread Jo Rhett

Realizing doesn't allow overrides. To remove the user:

@user ahab { ensure = absent }
realize User['ahab']

This may mean you need to use inheritence for the class the user is defined in, 
creating a child class for the nodes you want to remove him on.

On Sep 26, 2012, at 11:53 AM, erkan yanar wrote:
 Moin,
 I started to virtualise user. Works fine so far.
 Playing a bit a problem popped up.
 
 given:
 User 'ahab' realized on a bunch of nodes node01 .. node08.
 
 How do I delete a realized user on a node?
 I was hoping to do something like
 realize(User['ahab']){ensure = absent }
 As this is not working, I wonder how to delete a realized virtual user.
 
 Regards
 Erkan
 
 
 -- 
 über den grenzen muß die freiheit wohl wolkenlos sein
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] require class inside fact

2012-09-25 Thread Jo Rhett

Your usage here is backwards. You need to re-read how puppet works. The node 
collects its facts and submits them to the puppet master. The puppet master 
uses the facts to compile a catalog for the node, which will be run by the node.

So you can set $foot in the fact, and echo it in the class, but not vice versa 
as you have done below.

On Sep 25, 2012, at 5:28 AM, Frank wrote:
 I've created a class where I define some variables like $mydns, $myproxy, etc 
 to use everywhere (in other manifests)
 
 The question is: Can I call these class variables inside a fact definition?
 
 Something like:
 
 #somemanifest.pp
 class x {
   $foo = great
 }
 
 #somefact.rb
 
 Facter.add(foo) do
   setcode do
   Facter::Util::Resolution.exec('echo ${x::foo}')
   end
 end
 
 
 
 Thanks in advance
 
 -- 
 Frank
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet and std

2012-09-20 Thread Jo Rhett

Are you starting puppet by hand, or using service? Try doing it by hand.

And you can always strace -s 2048 and see the entire message.

On Sep 20, 2012, at 8:49 AM, Fabrice Bacchella wrote:
 I'm running puppet on a Centos 5.8
 
 I'm trying to launch puppet as a daemon and it fail silently. --debug 
 provides no help
 
 So I tried to strace it, I'm getting this :
 
 1845  close(0)  = 0
 1845  open(/dev/null, O_RDONLY)   = 0
 1845  close(1)  = 0
 1845  open(/dev/null, O_WRONLY|O_CREAT|O_APPEND, 0666) = 1
 ...
 1845  dup2(1, 2)= 2
 ...
 1845  write(2, Could not run: Daemons must have..., 58) = 58
 | 0  43 6f 75 6c 64 20 6e 6f  74 20 72 75 6e 3a 20 44  Could no t run: D |
 | 00010  61 65 6d 6f 6e 73 20 6d  75 73 74 20 68 61 76 65  aemons m ust have |
 | 00020  20 61 6e 20 61 67 65 6e  74 2c 20 73 65 72 76 65   an agen t, serve |
 | 00030  72 2c 20 6f 72 20 62 6f  74 68r, or bo th   |
 1845  write(2, \n, 1) = 1
 | 0  0a. |
 
 So if I understand it right, a message is send to a nulled stderr. Do you 
 know how I can get it back ?
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet Dashboard 1.2.11 rpm is missing the build_defaults.yaml file

2012-09-18 Thread Jo Rhett

I installed the RPM available from yum.puppetlabs.com on CentOS 6.x and I 
receive the following error when upgrading from 1.2.10 to 1.2.11.

$ rake db:migrate RAILS_ENV=production 
certificate_path: 'certs/puppet.cert.pem'
private_key_path: 'certs/puppet.private_key.pem'
public_key_path: 'certs/puppet.public_key.pem'

(in /usr/share/puppet-dashboard)
Unable to read the packaging repo info from ext/build_defaults.yaml
$ ls ext
passenger  puppet
$ find ext
ext
ext/passenger
ext/passenger/dashboard-vhost.conf
ext/puppet
ext/puppet/puppet_dashboard.rb

Dashboard appears to be working fine, but the error provides some cause for 
concern.

On Sep 13, 2012, at 3:14 PM, Matthaus Owens wrote:
 Puppet Dashboard 1.2.11 is a maintenance and bugfix release of Puppet 
 Dashboard.
 
 This release is available for download at:
 https://downloads.puppetlabs.com/dashboard/puppet-dashboard-1.2.11.tar.gz
 
 Debian packages are available at
 https://apt.puppetlabs.com
 
 RPM packages are available at
 https://yum.puppetlabs.com
 
 See the Verifying Puppet Download section at:
 http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet
 
 Please report feedback via the Puppet Labs Redmine site, using an
 affected version of 1.2.11:
 http://projects.puppetlabs.com/projects/dashboard
 
 Documentation is available at:
 http://docs.puppetlabs.com/dashboard/index.html
 
 Puppet Dashboard 1.2.11 Highlights
 
 (#15196) Make items per page configurable
This commit adds the ability to specify the number of specific items
per page displayed by dashboard in the settings.yml file, including
nodes, classes, groups and reports per page.
 
 Autorefresh link gen fixed to work under passenger
Autorefresh link generation did not take root_path for the
application into consideration. Using File.join() to try and avoid
multiple /'s getting into generated url which would cause routing
problems.
 
 Shift to using packaging repo for packaging tasks
This release introduces Dashboard's use of the packaging repo at
https://github.com/puppetlabs/packaging for packaging automation. From
source, doing a rake package:bootstrap clones packaging tasks into
ext/packaging and adds rake tasks for packaging of tar, srpm, rpm, and
deb using tools such as rpmbuild and debuild, as well as
puppetlabs-namespaced tasks that use chroot environment tools and are
keyed to specifically interacting with the puppetlabs environment. The
packaging repo works in tandem with the new package-builder modules
designed to set up hosts for packaging,
https://github.com/puppetlabs/puppetlabs-rpmbuilder, and
https://github.com/puppetlabs/puppetlabs-debbuilder. This is very much
a work in progress, but a model for how packaging automation could
improve across many Puppet Labs projects.
 
 Puppet Dashboard 1.2.11 Changelog
 
 Boyan Tabakov (2):
  d6619a1 Updated debian postinst script to link properly the
 settings.yml file to puppet-dashboard config directory.
  a8a97dc Fixed linking of database.yml in debian postinst to use
 absolute path.
 
 Erik Dalén (1):
  ffe7bdd (#15196) Make items per page configurable
 
 Jani Mikkonen (1):
  df5a20a Autorefresh link gen fixed to work under passenger
 
 Joshua Harlan Lifton (2):
  c64c013 (#10477) Clean up log files by moving message to debug
  a8e2586 Fix spec tests broken by commit c64c013
 
 Matthaus Litteken (2):
  8806f60 (#15291) Add Vendor tag to Puppet-Dashboard spec file
  c0592af Update CHANGELOG, VERSION for 1.2.11
 
 Moses Mendoza (10):
  3abf9df Move packaging up to ext to avoid conflict with pkging repo
  71d302a re-template debian changelog
  4201990 Fixup redhat spec erb for packaging repo
  42030b8 Remove obsolete package.rake file
  da22ddd Add packaging data files
  8f03e6c Add VERSION file to source
  e6f6acf Fixup Rakefile for setting up packaging repo
  101af75 Update supported debian versions and cows
  20a109a Update mocks to accurately reflect dashboard builds
  dd88f0b Update CHANGELOG, VERSION for 1.2.11-rc1
 
 Will Hopper (2):
  63a0634 Add release number variable to packaging rake task
  5eccef2 (#15523) Update Debian packaging rake task to create the
 debian and original tarballs
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Developers group.
 To post to this group, send email to puppet-...@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-dev+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-dev?hl=en.
 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com

[Puppet Users] Dashboard -- difference between runtime graph and runtime chart?

2012-09-18 Thread Jo Rhett

So if you click on a node in dashboard, you see a graph that shows the puppet 
run times for the host.  This matches with what I have observed, 140-150 
seconds for a puppet run.

In the chart below that I see numbers like:

Config retrieval: 3.86s
Runtime: 22.43s

So this leads to the following questions:

1. Why doesn't the runtime graph match the runtime column?  Perhaps one of 
these two needs to be renamed?

2. Can you outline where the time difference between the numbers in the graph 
and the numbers in the chart lies?  What is missing?

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] logoutput=on_failure doesn't work as expected

2012-08-27 Thread Jo Rhett

I think you are using the syntax wrong.  Try to phrase your request in 
statements like ensure this is true instead of if/then case logic.

ensure foo
requires bar

Also remember that the server doesn't know anything about the client, and the 
client's information is only collected once, and sent to the server from which 
a compiled catalog (with all if/thens resolved) is produced.  So you can't have 
an if/then which is resolved at runtime.

If you require a file, you will get a failure that the file exists or not. And 
an info message that service can't be dealt with since requirement failed. I 
think what you want to do is create a fact about whether the file exists or 
not, and then only define the service if the fact is true.  Look up custom 
facts and you'll get there. Then your fact will be submitted, and the catalog 
will be revised based on the value of the fact -- which should meet your needs.

On Aug 25, 2012, at 8:49 PM, mthebie99 wrote:
 On Thursday, February 17, 2011 3:33:43 PM UTC-8, Bryan wrote:
 I'm using puppet 0.25.1. I've got a simple resource: exec { /bin/ls 
 $oracle_base/dba/bin/database_backup.ksh: logoutput = on_failure, } and I 
 don't want it to log every time it's successfully run: $ sudo tail -F 
 /var/log/messages | grep puppetd Feb 17 16:36:11 test puppetd[26614]: 
 (//my_module/Exec[/bin/ls /u01/ 
 app/oracle/dba/bin/database_backup.ksh]/returns) executed successfully but 
 logoutput = on_failure doesn't suppress the above message. Is that 
 parameter not available in my version of puppet, or am I perhaps 
 misunderstanding its purpose? I'm guessing the latter since it looks like it 
 was introduced 3 years ago. In the meantime, I'm using this ugly, redundant 
 hack to do what I want: exec { /bin/ls 
 $oracle_base/dba/bin/database_backup.ksh: unless = /bin/ls 
 $oracle_base/dba/bin/database_backup.ksh, } Thanks!
 
 This is an old one, but I found it ALMOST useful.  I'd like to take this one 
 step further:
 
 I have a subscribe statement on a service that requires a file. And, now I 
 have the error on the non-existent file, it is still trying to run the 
 service. I have tried every possible way to bypass this, even with an exec 
 (file not found). Since the exec statement itself is successful (in not 
 finding the file), it sill launches the service dependent on that file. 
 Finally, I really don't want errors to go to the client syslog... that is the 
 whole reason why I want to do the checking first.  To avoid errors in syslog 
 when the service fails (for reason of a lacking patch... another issue: how 
 to work with patching if grep for patch; exists/not exists; optional run). 
 I'll keep looking but this lack of conditional services is painful.
 
 file {'clientxml':
 path = /var/svc/manifest/network/sendmail-client.xml,
 ensure = true,
 backup = false,
 noop = true,
 loglevel = err,
 }
 service { clientmail:
 name = sendmail-client:default,
 manifest = /var/svc/manifest/network/sendmail-client.xml,
 provider = smf,
 enable = true,
 hasrestart = true,
 require = File['clientxml']
 }
 
 Example:
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/KuU0kquGRWkJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Announce: Puppet 2.7.19 Available

2012-08-23 Thread Jo Rhett

On Aug 21, 2012, at 4:21 PM, Moses Mendoza wrote:
 Puppet 2.7.19 is a maintenance release candidate for Puppet in the

Release, or release candidate? One of (version number, announcement) seems to 
be inconsistent.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] don't push out facter-1.6.11 without testing ; causes puppetd hang

2012-08-20 Thread Jo Rhett

Nope, they think they are running. We had to reset the policy to downgrade 
facter, then login to each host and service puppet stop ; puppet agent --test 
--ignoreschedules (our systems are set to only upgrade packages in certain 
hours) to get the hosts back online.

This looks similar to the old problem with a kernel that changed proc 
semantics, but it's not the kernel this time. Reverting facter to 1.6.10 
resolves the issue.

On Aug 17, 2012, at 5:55 PM, Stuart Cracraft wrote:
 Can you kick them somehow?
 
 On Aug 17, 2012, at 5:50 PM, Jo Rhett jrh...@netconsonance.com wrote:
 
 At least on CentOS 5 and CentOS 6, after upgrading to facter 1.6.11 our 
 hosts stopped checking in. Stale puppetdlock problem.
 
 -- 
 Jo Rhett
 Net Consonance : net philanthropy to improve open source and internet 
 projects.
 
 
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet client could not request certificate: Error 500 on SERVER

2012-08-20 Thread Jo Rhett

You should spend some time and determine how and why that is happening. I can 
assure you that it's not normal, so this is something specific to some custom 
code on your site.

On Aug 19, 2012, at 10:56 AM, Stuart Cracraft wrote:
 I am seriously thinking of putting those recursive chown's in root crontab on 
 puppet masters and puppet agents for /etc/puppet* and 
 /var/lib/puppet*
 
 I shouldn't have to do this but have 
 seen cases of ownership reversion. 
 
 
 --Stuart
 
 Via Apple iPhone 4S on the ATT Wireless Network
 
 
 On Aug 13, 2012, at 3:04 AM, Frederik Vos inktvi...@gmail.com wrote:
 
 For the people still looking for an answer:
 chown -R puppet:puppet /var/lib/puppet/reports
 
 Op woensdag 30 maart 2011 21:02:43 UTC+2 schreef hyzhang het volgende:
 Thank. I am pasting the entire message here: 
 
 Mar 30 14:01:04 puppetclient1 puppet-agent[28571]: Could not request 
 certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD 
 HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html 
 head meta http-equiv=Content-Type content=text/html; 
 charset=UTF-8 meta name=generator content=Phusion 
 Passenger titleRuby (Rack) application could not be started/ 
 title style type=text/css body {  font- 
 family: Verdana, 'Bitstream Vera Sans', Arial, Sans-Serif; 
 font-size: 10pt;background: white;  color: 
 #22; margin: 0;  padding-top: 3em;   padding- 
 bottom: 3em;padding-left: 4.5em;padding-right: 4.5em; }  h1 
 {   font-size: 17pt;font-weight: medium;color: 
 #533e72; border-bottom: 1px solid #533e72; }  h1.title 
 { margin-top: 0; }  h1.error_title {  color: red; 
 border-bottom: 1px solid red; }  a {text-decoration: none; } 
 a:hover { text-decoration: underline; }  dt { font-weight: 
 bold;  color: #280050; }  dd { margin-top: 0.5em; 
 margin-bottom: 1em; }  .commands {  border: 1px 
 
 Somehow I am able to get the certificate for the client. Since above 
 error message says Ruby (Rack) application could not be started, I 
 did 
 #rackup /usr/share/puppet/rack/puppetmasterd/config.ru 
 Then I see the rack process on puppet server 
 #ps -ef|grep rack 
 puppet   27140 1  0 14:21 ?00:00:00 Rack: /usr/share/ 
 puppet/rack/puppetmasterd 
 
 From then on the server is able to receive the client certificate 
 request and sign it. 
 
 Do I have to start the rack manually in a manner like that? I thought 
 if I start httpd service, it would start rack automatically. 
 
 I am still not sure if I did everything right. 
 
 Thanks, 
 -Haiyan 
 
 
 
 
 
 
 On Mar 30, 2:38 pm, Hugo Cisneiros (Eitch) 
 hugo.cisnei...@gmail.com wrote: 
  On Wed, Mar 30, 2011 at 3:00 PM, hyzhang hyzh...@jcvi.org wrote: 
   Hi, I am new to puppet. 
  
   I have puppet server set up with passenger. But when I start puppetd 
   from client, I see following error in the syslog file: 
   Mar 30 13:52:03 puppetclient1 puppet-agent[29732]: Could not request 
   certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD 
   HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html 
   head meta http-equiv=Content-Type content=text/html; 
   charset=UTF-8 meta name=generator content=Phusion 
   Passenger titleRuby (Rack) application could not be started/ 
   title  
  
  You didn't paste the most important part of the error. Thie page ruby/rack 
  generates usually have some pretty useful information in an error field. 
  Like a module missing on an import/require, permission problems, and so 
  on. 
  Please identify and post the error so we can be helpful :) 
  
  -- 
  []'s 
  Hugowww.devin.com.br
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/ltKL6JvCWQEJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] don't push out facter-1.6.11 without testing ; causes puppetd hang

2012-08-20 Thread Jo Rhett

Lots of people have logged information in ticket #10418 
http://projects.puppetlabs.com/issues/10418

I don't have much time to track this today, but our environment is fairly 
bone-stock CentOS 5.6, Ruby 1.8.7, Puppet 1.7.18. The only custom facts come 
from puppetlabs-stdlib. 

On Aug 20, 2012, at 1:38 PM, Justin Stoller wrote:
 Do you have any debugging information about this issue? Stack traces,
 systems, versions, ruby, custom facts, etc would all be helpful. It
 certainly seems from what you said that the version of Facter had
 something to do with this error, but I'm not exactly sure how Facter
 would affect Puppet's lock file
 
 - Justin
 
 On Mon, Aug 20, 2012 at 1:02 PM, Jo Rhett jrh...@netconsonance.com wrote:
 Nope, they think they are running. We had to reset the policy to downgrade
 facter, then login to each host and service puppet stop ; puppet agent
 --test --ignoreschedules (our systems are set to only upgrade packages in
 certain hours) to get the hosts back online.
 
 This looks similar to the old problem with a kernel that changed proc
 semantics, but it's not the kernel this time. Reverting facter to 1.6.10
 resolves the issue.
 
 On Aug 17, 2012, at 5:55 PM, Stuart Cracraft wrote:
 
 Can you kick them somehow?
 
 On Aug 17, 2012, at 5:50 PM, Jo Rhett jrh...@netconsonance.com wrote:
 
 At least on CentOS 5 and CentOS 6, after upgrading to facter 1.6.11 our
 hosts stopped checking in. Stale puppetdlock problem.
 
 --
 Jo Rhett
 Net Consonance : net philanthropy to improve open source and internet
 projects.
 
 
 
 
 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.
 
 
 
 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.
 
 
 --
 Jo Rhett
 Net Consonance : net philanthropy to improve open source and internet
 projects.
 
 
 
 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] don't push out facter-1.6.11 without testing ; causes puppetd hang

2012-08-17 Thread Jo Rhett

At least on CentOS 5 and CentOS 6, after upgrading to facter 1.6.11 our hosts 
stopped checking in. Stale puppetdlock problem.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

2012-07-18 Thread Jo Rhett

On 07/17/2012 07:31 PM, Jo Rhett wrote:
 Is this not the epitome of diverse and redundant dependancies? I can't
 edit my hiera data without evaluating puppet manifests, I can't edit the
 puppet manifests without editing the hiera data…

On Jul 18, 2012, at 1:19 AM, Felix Frank wrote:
 Rather, if you're not intending to scribble YAML files by hand (which is
 entirely possible), you would have to write a web frontend or similar.


Understood. The problem is that every example I've seen to date you have to 
know the puppet module code well to edit the data. The value of a front-end 
would be to allow users other than ruby coders to manage the data. I haven't 
seen any examples with enough differentiation for that.

Ultimately I guess you build an entire ecosystem where you tie the front-end 
data management code to the puppet manifests in git and update both at the same 
time--but that's one hell of an infrastructure creation that I don't have 
enough free time for.  In short, I believe that hiera is only useful for 
companies who already have a large information schema from which to draw their 
data, and you are only editing the hiera adapters to get the data as you update 
the puppet manifests.  Anyone else has a huge project to get to useful.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

On Jul 17, 2012, at 12:54 AM, Felix Frank wrote:
 On 07/16/2012 10:29 PM, Jo Rhett wrote:
 We aren't, because we have no external datasource for this stuff and
 every example we've seen (like yours above) indicates that we're going
 to have to put half of the logic engine of puppet inside the data
 source, which means it needs to be a very complex thing that enforces
 the structure and somehow ties it with the puppet logic. Our analysis so
 far is that to implement hiera we're going to have to write our own
 software platform which manages hiera data and writes out puppet
 policies on the fly when the data changes.
 
 Not quite. I believe that the canonical approach is to move your node -
 roles relation into hiera. This way you need little individual
 manifest code per node.
 You certainly need a means to manage hiera's datastores, but I don't
 think generating manifests is required.


Is this not the epitome of diverse and redundant dependancies? I can't edit my 
hiera data without evaluating puppet manifests, I can't edit the puppet 
manifests without editing the hiera data…

In short, I'll look at hiera as soon as I have time to build out a whole new 
infrastructure for data management. And trust me, free time is something I have 
lots of. (not)

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

On Jul 17, 2012, at 6:30 AM, jcbollinger wrote:
 Apparently so.  I don't want to drag this thread off into a rehash of the 
 constraints idea, but one of the central ideas is that it allows cooperative 
 specification of resource properties.  Constraints -- as I envision them -- 
 are not a dynamic validation feature, but rather an indirect, deferred 
 declaration feature.  In many cases, explicit resource declarations could be 
 replaced by one or more constraints on the same resource, which could appear 
 anywhere in the manifest set.  Everything gets resolved after all resources 
 are compiled.

Sounds like treating hiera data as virtualized to me (and sounds like a 
functional way to deal with the issues we are discussing).  How would you 
implement this today?

 I'll say no more about that here, but if anyone wants to discuss it further 
 then I'd be likely to respond to a new thread on that topic.

Seems like a thread that you should name, unless you want a thread labelled 
Ask John … ;-)

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet host tagging

Don't know why you are asking foreman questions on a puppet list, but puppet 
agent --test --tags tag1 on the host or puppet kick hostname --tags tag1 
from the puppetmaster would do what you want.

On Jul 16, 2012, at 11:46 PM, Yaniv Fine wrote:
 i am running puppet version 2.6.16 and foreman Version 0.4.2 .
 my question is as follows .
 i would like to know if there is a way to tag server with a group tagging . 
 for example .
 let say i am running apache with a unique configuration and network 
 architecture and want to tag in with tag1
 and a i have few more apache installation with the a new unique   
 configuration and architecture that i want to tag them with tag2 .
 and so on and so on .
 lets say i have would like to perform some action (run service -insure = 
 latest ) only on tag1 .
 is there a way to perform this action within foreman ?
 i know i can do do group actions with Hostgroup but a host can belong to 
 only one hostgroup . what happens if i want a host to belong to more that 1 
 group ? .
 i hope that my question is clean .
 thank you for any help
 .
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/8QFa3uUqcUUJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

On Jul 17, 2012, at 12:42 PM, jcbollinger wrote:
 I apologize for how abstract and vague that description is, but there is a 
 great deal more design effort needed than I am prepared to exert at the 
 moment.


No worries. It confirms what is necessary for me right now which is that it's 
not something I should be testing anytime soon ;-)

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] can't authenticate based on IP? what? huh?

Okay, I totally did see this in the release notes but I read it that you 
weren't allowing certificates with IP addresses in them, not that you wouldn't 
allow IP authentication in auth.conf at all.  

Jul 17 14:52:46 sj2-puppet puppet-master[13998]: Authentication based on IP 
address is deprecated; please use certname-based rules instead

I don't feel that it is reasonable to expect that every puppet customer match 
up their naming scheme to their IP blocks, nor to want to list every possible 
naming scheme in their authorization list when an IP bitmask will do the job 
much more simply.

I don't mind or care about IPs in certificates--I've never seen this, and don't 
expect to. But disallowing IP-based authentication is going to be very 
difficult at many sites, and possibly allow things which were never intended. 
Please reconsider this.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

2012-07-16 Thread Jo Rhett

On Jul 16, 2012, at 8:42 AM, Felix Frank wrote:
 I cannot, of course, but I do sympathize with Jo's notion that in order
 to solve the apparently small problem of making resource overrides
 scale, he is now required to rework most if not all of his manifests to
 play with a hiera based approach.


Well, more matter of factly, that shifting to a hiera-based approach would 
require us to manage very carefully the balance of data between puppet and 
hiera, and manage by eyeball the dependencies between the two. There is 
considerable resistance to this idea here.

If it was possible to put all the user and group information in hiera and then 
put the assignment/management of that information into puppet then we could 
probably manage that. But having to edit this host gets the sql server info 
in puppet and then these users get put in mysql group on this host in hiera 
is completely nonfunctional, and I've seen no examples of ways to bridge that 
gap.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] system users caching

2012-07-16 Thread Jo Rhett

This is likely a factor of how unix works rather than puppet.  When puppet 
starts up, it reads nsswitch.conf. If you modify nsswitch.conf during the 
puppet run, it will not see the changes until after the process has restarted 
and sees the new nsswitch.conf file.

I have gotten around this by putting the LDAP config in a stage prior to main 
and restarting puppet within that stage, so that puppet restarts itself before 
processing the main stage. It's a bit clunky and painful to manage the 
dependancy trees, but it works.

On Jul 15, 2012, at 2:01 PM, Thomas Bétrancourt wrote:
 On my servers, i'm using pam-ldap and cie.
 
 All the configuration of the system is done by puppet.
 
 After to the system installation, when i run puppet, in a first time, puppet 
 sets up the ldap configuration and after, the services installation and 
 configuration.
 
 While setting up of one of these services, puppet doesn't find a user which 
 is provided by LDAP. When i launch again puppet, the user is found.
 
 I think that puppet stores in it's cache the list of the users of the system, 
 but when ldap is up, puppet doesn't reload it's cache to find new users.
 
 It's there a way to do this ?
 
 Thank you for your support
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/L2o0C_vGeJwJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

2012-07-16 Thread Jo Rhett

On Jul 16, 2012, at 11:55 AM, Christopher Wood wrote:
 Possibly something like the following pseudocode example? The main point 
 being to only include a puppet class if there's a certain piece of data in 
 hiera.
 
 node default {
  if hiera('usemysql') {
include mysql::service
  }
  if hiera_array('users') {
include users
  }
 }

I'm not sure how this would work.  So you're now talking about putting all the 
if/then logic inside hiera?

 (I haven't tested the above myself. We're still not using hiera at work, 
 more's the pity.)


We aren't, because we have no external datasource for this stuff and every 
example we've seen (like yours above) indicates that we're going to have to put 
half of the logic engine of puppet inside the data source, which means it needs 
to be a very complex thing that enforces the structure and somehow ties it with 
the puppet logic. Our analysis so far is that to implement hiera we're going to 
have to write our own software platform which manages hiera data and writes out 
puppet policies on the fly when the data changes.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Installing and configuring puppetmaster-passenger

2012-07-13 Thread Jo Rhett

 certificate for cd-vgpereravos.domain.com
 debug: Using cached certificate_revocation_list for ca
 debug: catalog supports formats: b64_zlib_yaml dot pson raw yaml;
 using pson
 err: Could not retrieve catalog from remote server: execution expired
 warning: Not using cache on failed catalog
 err: Could not retrieve catalog; skipping run
 debug: Executing '/etc/puppet/etckeeper-commit-post'
 
 Really appreciate any thoughts on how to resolve this. I have already
 gone through web and still was not able to resolve this. Thanks in
 advance.
 Kalani
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Announce: Puppet Dashboard 1.2.10 Available

2012-07-13 Thread Jo Rhett


On Jul 12, 2012, at 11:50 PM, Stefan Heijmans wrote:
 the maintaining page also mentions;
 If you run ‘rake reports:prune’ without any arguments, it will display 
 further usage instructions.
 
 Just installed in in our sandbox and it shows;
 
 rake reports:prune
 EXAMPLE:
   # Prune records upto 1 month old:
   rake reports:prune upto=1 unit=mon
 
 UNITS:
   Valid units of time are: mon,yr,day,min,wk,hr
 

Hm, yes. What does that have to do with my question about the new rake job to 
install a cron script?

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

2012-07-13 Thread Jo Rhett

On Jul 13, 2012, at 8:02 AM, jcbollinger wrote:
 Relying on a single source of information is exactly what what I have 
 suggested you do, specifically by using an up-front group list both to filter 
 users' declared secondary groups and to drive which groups get realized.  I 
 have described that three times now, and it's included in the example code I 
 posted earlier.  You can populate such a list by whatever means you want and 
 from whatever source you want, and you can store it wherever you want, so 
 long as you produce the entire list before any part of it is needed.

I did not see that from what you showed. Your example didn't show how to 
aggregate or use the data at all. I saw six classes that were significantly 
more complex and appeared to require defining the data in multiple places. 
There was certainly no obvious way this would reduce my data sources.

 So no, I'm not suggesting you mirror information from your puppet manifests.  
 Rather, I am suggesting that you move implicit information out of your 
 manifests to someplace more accessible.  Study my example if you still don't 
 understand what I mean by that.  The someplace where the information lands 
 could be an explicit expression elsewhere in your manifests, or it could be 
 external, as seems best to you. The information implicitly encoded in the 
 structure of your manifests and/or developed during compilation is inherently 
 difficult to use from within the manifests themselves, and if you insist on 
 using it anyway then you're choosing to be stuck in an uncomfortable position.

I hear what you are saying, but I really don't see how your example makes this 
idea clear. I saw multiple sets of classes relying on each other's data in an 
unreadable manner.

I would argue that even if it does do what I meant, the very fact that I 
couldn't read it to understand this ensures nobody else here has a chance at 
maintaining it. More complex is not a desired trait here.

In general I see ENCs as eventually providing a way to simplify the data input, 
but that's not what I've seen recommended or demonstrated. The case for ENCs 
would be made a lot stronger if some good examples of ways to simply via the 
use of ENCs were posted.

 More generally, people recommending various possible data sources to you -- 
 hiera, ENC, etc. -- are not implying that you should spread out your data.  
 That's a function of your own manifest designs and how you use the data.  You 
 do a disservice to those volunteering their help to you by criticizing them 
 for deficiencies in your imagined applications of their suggestions.


I could go back and make a line by line review of every single time people have 
told me that I should take data from the puppet manifests and reinforce it / 
control it via data from an ENC. There hasn't been a single situation where 
someone said what you are suggesting -- hey, pull this all out of puppet and 
incorporate it this way (x) so that you can get what you want.  It has always 
been how to do half the job in puppet and half the job in something else, and 
manually manage the dependancies between the two.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

That's great if you have centralized and co-hosted infrastructure and are 
willing to accept the dependancy. Given that this is a small need for a small 
number of users on a very small amount of systems (like 3 out of hundreds) 
without a centralized backbone between them, implementing LDAP makes little 
sense.

On Jul 12, 2012, at 12:52 AM, Denmat wrote:
 Puppet users and groups are fiddly. My current not implemented thinking is to 
 use ldap and manage pam_groups via puppet on the hosts to get the 
 granularity. 
 
 More thinking out loud than anything else.
 
 Den
 
 On 12/07/2012, at 6:03, Jo Rhett jrh...@netconsonance.com wrote:
 
 I'm fighting with a ticklish issue.  We have some groups and users that only 
 belong on some systems. So we made all users virtual and then realize them 
 in classes specific to those system types.  This works quite well for the 
 users, but not for the groups. When you specify a user, you have to list all 
 the groups they are in. 
   groups = ['support',ops','dev'],
 
  Obviously some groups aren't realized on all systems, so this produces an 
 error when usermod is run.
  '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod: 
 unknown group dev
  usermod: unknown group dev
 
 So I tried to get smarter, and put logic to add the group to each member 
 under the appropriate class
  Class users::dev inherits users { 
  User['jrhett'] { groups + ['dev'] }
  }
 
 This works… almost. It works for all instances where the user is only 
 subclassed once. But if I do the same technique in multiple classes I get 
 
 err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
 Parameter 'groups' is already set on User_and_key[jrhett] by 
 #Puppet::Resource::Type:0x7f4feed2d828 at 
 /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at 
 /etc/puppet/modules/users/manifests/dev.pp:27 on node s2-d1.company.com
 
 So how can this be achieved, short of using an exec with an unless doing 
 another exec to determine if the group exists?
 
 -- 
 Jo Rhett
 Net Consonance : net philanthropy to improve open source and internet 
 projects.
 
 
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?


On Jul 12, 2012, at 4:30 AM, Felix Frank wrote:
 On 07/11/2012 10:03 PM, Jo Rhett wrote:
 So I tried to get smarter, and put logic to add the group to each member
 under the appropriate class
 Class users::dev inherits users { 
 User['jrhett'] { groups + ['dev'] }
 }
 
 This works… almost. It works for all instances where the user is only
 subclassed once. But if I do the same technique in multiple classes I get 
 
 sound approach, but I've hit this wall a couple of times as well.
 
 I've resorted to horrors that would add items to array variables that
 are declared in a central, well-known class, and use the final value for
 the resources in question. Depending on how much flexibility is
 required, this may not be feasible at all.

Hm. That might work, but seems even uglier :(

 Perhaps hiera can be used to do something clever here?


This is actually something that hiera seems perfect for, but we simply don't 
have any backend dataset from which to derive hiera data at this time. That is 
going to change, and I'm looking forward to having hiera access at that point.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

On Jul 12, 2012, at 6:46 AM, jcbollinger wrote:
 If it is the case that each user always has the same potential secondary 
 groups, and you need to narrow the actual secondary groups to those that are 
 actually present, then I think you could do it without too much pain.  The 
 main ingredients would be a list (array) of the groups that are supposed to 
 be present, and a custom function that forms the intersection of two arrays.  
 (Or you could use an inline template and split(), but yuck!)
 
 Hiera would probably provide a good means for building the list of available 
 groups, which you could then use not only to filter user definitions but also 
 to drive virtual group realization.  Here's a skeleton of how it might work:
 
 class auth::constants {
   $available_groups = hiera('groups')
 }

Interesting idea, but depends on an external datasource that tells us which 
groups are valid.  Since all of these groups are already defined in puppet, I 
simply don't see the value of managing intersections of data between a hiera 
data source and puppet.

   # Virtual user declarations, such as
   @user { 'jbolling':
 uid = 4200,
 gid = 4200,
 groups = intersect(['dev', 'support', 'ops'], 
 $auth::constants::available_groups)
   }
 }


I think the intersect idea is valid, as long as I can find out if a parameter 
is realized or not.  Basically, write a function that removes from the array 
any group which isn't realized. This removes any need for heira.  However I'm 
poking around and the docs don't show any methods to determine if something has 
been realized or not.

If I am reading this right, intersect is provided by stdlib, right?  So I 
really just need to write a function to determine if something is realized or 
not. I suspect this is going to fall back to the same issues as defined() 
unless I can delay execution until the end.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

On Jul 12, 2012, at 2:26 PM, jcbollinger wrote:
 I would avoid that variation on this approach if at all possible.  You would 
 sidestep multiple pitfalls if you could determine up front, based on node 
 name and facts, which groups are supposed to be present, instead of 
 attempting to determine after the fact which were realized.  Indeed, you 
 might even find it convenient to use that information to drive group 
 realization.
 If nothing else, doing so would ensure that users aren't assigned to 
 secondary groups that don't get realized.

This is what policy as expressed in the puppet manifests does. I don't see how 
to avoid the unrealized problem here.

What's funny is that you are expressing exactly what puppet does today, but it 
appears you are suggesting that I need to create another data source and mirror 
the information out of puppet manifests into that for comparison purposes. Huh?

I'm a bit baffled by the fairly constant suggestion by people here that I keep 
spreading out the places where information is stored. The point is to 
centralize the data, not provide more sources to grow inconsistent with each 
other.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Announce: Puppet Dashboard 1.2.10 Available